From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754342AbbGPA1r (ORCPT ); Wed, 15 Jul 2015 20:27:47 -0400 Received: from mail-ig0-f175.google.com ([209.85.213.175]:37892 "EHLO mail-ig0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753897AbbGPA1p (ORCPT ); Wed, 15 Jul 2015 20:27:45 -0400 Date: Wed, 15 Jul 2015 17:27:43 -0700 (PDT) From: David Rientjes X-X-Sender: rientjes@chino.kir.corp.google.com To: Konstantin Khlebnikov cc: linux-mm@kvack.org, Christoph Lameter , Andrew Morton , linux-kernel@vger.kernel.org Subject: Re: [PATCH 1/2] mm/slub: fix slab double-free in case of duplicate sysfs filename In-Reply-To: <20150714131704.21442.17939.stgit@buzz> Message-ID: References: <20150714131704.21442.17939.stgit@buzz> User-Agent: Alpine 2.10 (DEB 1266 2009-07-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 14 Jul 2015, Konstantin Khlebnikov wrote: > sysfs_slab_add() shouldn't call kobject_put at error path: this puts > last reference of kmem-cache kobject and frees it. Kmem cache will be > freed second time at error path in kmem_cache_create(). > > For example this happens when slub debug was enabled in runtime and > somebody creates new kmem cache: > > # echo 1 | tee /sys/kernel/slab/*/sanity_checks > # modprobe configfs > > "configfs_dir_cache" cannot be merged because existing slab have debug and > cannot create new slab because unique name ":t-0000096" already taken. > > Signed-off-by: Konstantin Khlebnikov Acked-by: David Rientjes